Vulnerability Details CVE-2025-55213
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.9.3 to v1.9.4 ( openfga-0.2.40 <= Helm chart <= openfga-0.2.41, v1.9.3 <= docker <= v.1.9.4) are vulnerable to improper policy enforcement when certain Check and ListObject calls are executed. This vulnerability is fixed in 1.9.5.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.7%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2025-55213
-
cpe:2.3:a:openfga:helm_charts:0.2.40
-
cpe:2.3:a:openfga:helm_charts:0.2.41
-
cpe:2.3:a:openfga:openfga:1.9.3
-
cpe:2.3:a:openfga:openfga:1.9.4